224 lines
9.0 KiB
Plaintext
224 lines
9.0 KiB
Plaintext
##############################################
|
|
# Sample client-side OpenVPN 2.0 config file #
|
|
# for connecting to multi-client server. #
|
|
# #
|
|
# This configuration can be used by multiple #
|
|
# clients, however each client should have #
|
|
# its own cert and key files. #
|
|
# #
|
|
# On Windows, you might want to rename this #
|
|
# file so it has a .ovpn extension #
|
|
##############################################
|
|
|
|
# Specify that we are a client and that we
|
|
# will be pulling certain config file directives
|
|
# from the server.
|
|
client
|
|
|
|
# Use the same setting as you are using on
|
|
# the server.
|
|
# On most systems, the VPN will not function
|
|
# unless you partially or fully disable
|
|
# the firewall for the TUN/TAP interface.
|
|
;dev tap
|
|
dev tun
|
|
|
|
# Are we connecting to a TCP or
|
|
# UDP server? Use the same setting as
|
|
# on the server
|
|
proto udp
|
|
|
|
# The hostname/IP and port of the server.
|
|
# You can have multiple remote entries
|
|
# to load balance between the servers.
|
|
remote ga-st-gw-surf2.oopen.de 1195
|
|
|
|
topology subnet
|
|
|
|
# Keep trying indefinitely to resolve the
|
|
# host name of the OpenVPN server. Very useful
|
|
# on machines which are not permanently connected
|
|
# to the internet such as laptops.
|
|
resolv-retry infinite
|
|
|
|
# Most clients don't need to bind to
|
|
# a specific local port number.
|
|
nobind
|
|
|
|
# Try to preserve some state across restarts.
|
|
persist-key
|
|
persist-tun
|
|
|
|
# Server CA
|
|
<ca>
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIFKjCCBBKgAwIBAgIJANXFq8sijdObMA0GCSqGSIb3DQEBCwUAMIG+MQswCQYD
|
|
VQQGEwJERTEPMA0GA1UECBMGSGVzc2VuMRQwEgYDVQQHEwtTdG9ja2hhdXNlbjEY
|
|
MBYGA1UEChMPR0EgQWx0ZW5zY2hsaXJmMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
|
|
Y2VzMRIwEAYDVQQDEwlWUE4tR0EtY2ExDzANBgNVBCkTBlZQTiBHQTEuMCwGCSqG
|
|
SIb3DQEJARYfaXRAZ2VtZWluc2NoYWZ0LWFsdGVuc2NobGlyZi5kZTAeFw0xNTEw
|
|
MDkxNTQwMzBaFw00NTEwMDgxNTQwMzBaMIG+MQswCQYDVQQGEwJERTEPMA0GA1UE
|
|
CBMGSGVzc2VuMRQwEgYDVQQHEwtTdG9ja2hhdXNlbjEYMBYGA1UEChMPR0EgQWx0
|
|
ZW5zY2hsaXJmMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRIwEAYDVQQDEwlW
|
|
UE4tR0EtY2ExDzANBgNVBCkTBlZQTiBHQTEuMCwGCSqGSIb3DQEJARYfaXRAZ2Vt
|
|
ZWluc2NoYWZ0LWFsdGVuc2NobGlyZi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
|
ADCCAQoCggEBAKLTHSHgX6/Ibr3AlmJfQ3k3yTvaD031Ps3c+bsXgOQEPNO4x7er
|
|
8R47osA7FHNKI8ob7jnX/xJSJcsE2B1zsYpceW7IN/Mmmz0eZyIr7B0tu2dFixxC
|
|
t4Vi4dBTh8ZvEaTZ3YUzROBc/YnWFyq3NFZ0DLdJBX+lFXAYg7qVyD7RCB1Yrwxq
|
|
rJFYK28qeIi4WHfHQICZ1dBlf7qpnL76MjfzjjiTTs4MZwjYRT2RJaPOhnNzPaeF
|
|
c11kP8T+ER46TqYbmBuImpoOntca002opJxw9iXoYJRLYYfhs4XS654iApGbG0vc
|
|
2Kd7uH+QyWElW19EDmeDRJM6Bc0LUu1rKtkCAwEAAaOCAScwggEjMB0GA1UdDgQW
|
|
BBQ1n9sNhkD5ZQ7jRXnON5gNKFeVWTCB8wYDVR0jBIHrMIHogBQ1n9sNhkD5ZQ7j
|
|
RXnON5gNKFeVWaGBxKSBwTCBvjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3Nl
|
|
bjEUMBIGA1UEBxMLU3RvY2toYXVzZW4xGDAWBgNVBAoTD0dBIEFsdGVuc2NobGly
|
|
ZjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczESMBAGA1UEAxMJVlBOLUdBLWNh
|
|
MQ8wDQYDVQQpEwZWUE4gR0ExLjAsBgkqhkiG9w0BCQEWH2l0QGdlbWVpbnNjaGFm
|
|
dC1hbHRlbnNjaGxpcmYuZGWCCQDVxavLIo3TmzAMBgNVHRMEBTADAQH/MA0GCSqG
|
|
SIb3DQEBCwUAA4IBAQCXp1hi923vehUa/Gd9Ze9UobRo0kPCLxgQkPOotUPAX+Dp
|
|
BDJOIHzoijORN4LmtQV+UNbRGsGU+Mwbejx1b4NHrFtj6KaCbCdB3bumcSmfFbaJ
|
|
QM+qvMtQYXx1NnFnoV6PYD9ZjfsY0AaVi5FB/eHnP5xuGzmbq7gPgG5sz2RO5jcR
|
|
1jO26hbrOINfYplu/NNQqBfRJPwyPFjHcCD/wWE63fnue3A5Oj6jUcuNLbOAHJEy
|
|
Pu37BPHNzjnTUdOe9scXp3WMCJXOtdxoZkfHfGKXYhz//XwX6X/hJMzOZ2K+kUHC
|
|
NfKwQ6snmDzycXtx0EqsYjzGgxbOR0qJbK/pJhii
|
|
-----END CERTIFICATE-----
|
|
</ca>
|
|
|
|
# Client Certificate
|
|
<cert>
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIFhDCCBGygAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCREUx
|
|
DzANBgNVBAgTBkhlc3NlbjEUMBIGA1UEBxMLU3RvY2toYXVzZW4xGDAWBgNVBAoT
|
|
D0dBIEFsdGVuc2NobGlyZjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczESMBAG
|
|
A1UEAxMJVlBOLUdBLWNhMQ8wDQYDVQQpEwZWUE4gR0ExLjAsBgkqhkiG9w0BCQEW
|
|
H2l0QGdlbWVpbnNjaGFmdC1hbHRlbnNjaGxpcmYuZGUwHhcNMTUxMDA5MTYwNzUz
|
|
WhcNMzUxMDA5MTYwNzUzWjCBvTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3Nl
|
|
bjEUMBIGA1UEBxMLU3RvY2toYXVzZW4xGDAWBgNVBAoTD0dBIEFsdGVuc2NobGly
|
|
ZjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczERMA8GA1UEAxMIZ3ctY2t1YnUx
|
|
DzANBgNVBCkTBlZQTiBHQTEuMCwGCSqGSIb3DQEJARYfaXRAZ2VtZWluc2NoYWZ0
|
|
LWFsdGVuc2NobGlyZi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
|
|
AK7355Rx645LFvVBtQAzVNqcEVSj4xQP9B3jMiCUSP1G2LJ2EjsjPKLy5IGa5YWr
|
|
w904xeDK7q8REvGPeDp4pT+56k6O2j7md9XOy1Y6yr+X1qVlSRXO4Hta+cKWinAY
|
|
vjtPIL3FubVGB/FUrXZWR/GD7nyKnelCI6Gntvt2wwWt3aj+yPoV9J86MN1NwFAz
|
|
Cxn2UcufcFPHfIDFaXpMuwbsRuRudxh3fBRYRkmarB+mRl/3HHEzpCX0gpKWVv2v
|
|
a8RaDu/T5mg2yOiMHHUS+D40LmTdo7yzfizoVlVbGrNG5AbXs/gZRKMOLZIPyGR2
|
|
r+eD+2KhOpFW+kdjwsPFe0ECAwEAAaOCAYowggGGMAkGA1UdEwQCMAAwLQYJYIZI
|
|
AYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
|
|
FgQUdxceVU2ZsbHErH1NiTl5R5Oj99kwgfMGA1UdIwSB6zCB6IAUNZ/bDYZA+WUO
|
|
40V5zjeYDShXlVmhgcSkgcEwgb4xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZIZXNz
|
|
ZW4xFDASBgNVBAcTC1N0b2NraGF1c2VuMRgwFgYDVQQKEw9HQSBBbHRlbnNjaGxp
|
|
cmYxGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1HQS1j
|
|
YTEPMA0GA1UEKRMGVlBOIEdBMS4wLAYJKoZIhvcNAQkBFh9pdEBnZW1laW5zY2hh
|
|
ZnQtYWx0ZW5zY2hsaXJmLmRlggkA1cWryyKN05swEwYDVR0lBAwwCgYIKwYBBQUH
|
|
AwIwCwYDVR0PBAQDAgeAMBMGA1UdEQQMMAqCCGd3LWNrdWJ1MA0GCSqGSIb3DQEB
|
|
CwUAA4IBAQBBTSwtPN85g+0QPT8XvxYQFv9PedtEFdKf4R5JWisSI0hyvW9Sf3Vc
|
|
4bc2GYIIG2DFSJip2lUgyvC3yOqKtT6vF32M4NS+GglDOycXWbpZNB9vtjrDvpo/
|
|
Xhv8dSuwE9BIsoJF+peEbP6lINGi6W/p61NHWmO1ClvtZyRxb4YnqOmIEr9s3XP7
|
|
Mm6nttX7690jwZoae/xwGOy17eUz/cGLBq2t7t7m1rhU4ErvGgJOP9PKHkgFrYjm
|
|
jHeBXLbHsff+Tq10bhyiDb0hsAoZi1bViGpRtfaQ+eC0rXnDy/C+/nm+SzlEKeiC
|
|
2XmTO8dbNgoOqETj7d/iDd4copvdzZYw
|
|
-----END CERTIFICATE-----
|
|
</cert>
|
|
|
|
# Client Key
|
|
<key>
|
|
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI5AUTsVDif7oCAggA
|
|
MBQGCCqGSIb3DQMHBAg12+MbxEoyygSCBMgCrl75V6WYOCdXaXmPDePYFZnY1rms
|
|
O7VBq16osPoJCUbnowfDlWyj73kM0kypBQPK1l9ZtXiC50BgbjPS16CeeAZNvFyr
|
|
/1glAmHv4wKArmzF8GL98vEDsKbnBV9nFnPe1YV+Rq4QqeSiOmnWJOqoFbpYDJiO
|
|
f2Io1g9DgoYYjMhvvjMk/mG4Oa6aOueMDYBFQ17NCNwXDj65HI685SiMEYzksQEW
|
|
GcerSML5Q9PDwbaiH+xs1AVp3MEa65PDj3KW7jcB8LenSAzodXo6dhzJelSgv2Bo
|
|
Q769n14ZetOK0Mv/o4blxQAPsbfknKylg/tvGIkFt38mH3PBJeXCNElyWHZJD6BR
|
|
xZah53ajLQa6XXhV2LOj+qKjgvIH4lwb10nr+eL3VdXKPXdMrGQUHHx59Z5zGnwK
|
|
qoRvKOtx/Lk56c+ycjCo0MJW4QddxB8rBmMEduUcI+jIk0ffF26F/uWh/gZO59hj
|
|
Tu6cGAgZY5hxkofm+b4FdyC8dNgQUspPqs9iIqkMSjttzuihme2qdQg5cgl0F2Zp
|
|
u7FTp/E8CsRX+MpVm/i+/0oXi9hspvEwfZcg1hpk3LdF2w3Ym+Wj/jlBiUbTC17K
|
|
YSLQQk2WEWLbvhGLA/3Hp2auYm0h4PxyG9lp1RTkK6WJSz+Vjc/Y8V01Ml5l7pT5
|
|
22eTksbqTeNcasCZkm7dEfAiuA222qS6OUZLzUkX9cBb6EXG/XIQ0qzY6c0UR/38
|
|
qfU0aP1Z08mIwMhGfyn/QmYTcxMw2rov6eHt2tsemDFXNf3qj2dUvJn91nu4b0OQ
|
|
3ddYB6mazfwCOqXeAzxv+POxuJvjUIx3MmIyQtQTvlNa0nzg89DNlAtBrRKDJVvS
|
|
mRLEBT/mFTz6KPpdfVp+qdx+akAQ7YCpmRfBs1Am685b9azOs8+VQOl8rp4PpkU3
|
|
T2rSCRpc7O6hW+YZYBwEMgJn0Qs5YXyiE8Js+k9QB5d20hGIJQAQ6hAyLLamHcj4
|
|
K6KaBhycvsXvB27drkkofQOVEIV751McsgwC+cxS2DRaJf4udr20Pg/2Trc539kp
|
|
anj/hT2auv3/rGGTfY9RLblp00eCjKazltsg3/DbQ5S34hSxnipfa7o6PACxqgAk
|
|
qgZ0G5K/smgql5nppPpE8udS0utfDKgi7lCwlviIfKY/UjsQwRr3wh1L2NrjG1nY
|
|
f7df0/WfVAc9+LA7QBVtKp68oh2wTCGQXdhgjwJgDMJp7xA/I1kd6tsjkXPjPNct
|
|
tg1MZYL/jDjAEzC96ikhLCjbybLVmL3NJKC8Y5+kpxrIs7W4T+ZwTXwfgBUN58Kw
|
|
ZHK7JSQzlBKmLlRbpYcjT+Ra5Mf78xA0ZsJ5D7yVoKYmMRfGfDAXQ4s3ri/EyC5h
|
|
t4FeFvUdrr4fTu3FlxCAOhxV6rFG/pkjIe/o0JHEZpTvxnd9algrNCTu4D6EFJTW
|
|
tQNfQY0mctQhtuMoqG51dB1jVRnZ+f+b7bzBnsesSzJNXKcrq8N0mgcZx0nNDn65
|
|
Db32YOv28+JaID53Bq811tHtsybiuTCx+77oubUaH1it5xIMe7NzL9/gQAPkfn5r
|
|
LnaDPGgPFEy6UaErrCOo10CkLq61VoCj8DgQz5fQ41OQrd0WbKYR5yqh/nTXpFus
|
|
z3U=
|
|
-----END ENCRYPTED PRIVATE KEY-----
|
|
</key>
|
|
|
|
# Verify server certificate by checking
|
|
# that the certicate has the nsCertType
|
|
# field set to "server". This is an
|
|
# important precaution to protect against
|
|
# a potential attack discussed here:
|
|
# http://openvpn.net/howto.html#mitm
|
|
#
|
|
# To use this feature, you will need to generate
|
|
# your server certificates with the nsCertType
|
|
# field set to "server". The build-key-serve
|
|
#
|
|
# Note!
|
|
# This option has been deprecated since version 2.4 and
|
|
# will be removed from later distributions.
|
|
#
|
|
#ns-cert-type server
|
|
|
|
# If a tls-auth key is used on the server
|
|
# then every client must also have the key.
|
|
#
|
|
# Don't forget to set the 'key-direction' Parameter if using
|
|
# Inline Key. Usualy , sever has key direction '0', while client
|
|
# has ke direction '1'.
|
|
#
|
|
key-direction 1
|
|
<tls-auth>
|
|
-----BEGIN OpenVPN Static key V1-----
|
|
2e6c91c0db488d5f018432f60605fbba
|
|
5ec1afd4522ddd28d917ade2c7515daf
|
|
9a7a3104b523c929f10a2ccdd2197b83
|
|
949e5644669ab0f82b62e08aa887252a
|
|
cc20618f9f8c1b0eeded6ea92a392e79
|
|
e477a890e2800cf0cf340ac6139cf7a6
|
|
0cfc5c713a39e8b2c44347006bb90583
|
|
8fe0bccf4feea50e7880ee7c7c510114
|
|
e9613960f8af9096fc46d75886b1bdbd
|
|
773b77d9044db17109a5615614797b98
|
|
bdacaae155966bad69819d08f1c8cafa
|
|
1cf102981e2188d155d26043b59538b9
|
|
15c1d67430d6b67c9c313123fb7cb427
|
|
29cc6972e63470c74c6bf2342fb57ba3
|
|
50d3254df49d2158f4faf5bc38fa9d69
|
|
1014d126eac903e30f6c97df69a3b665
|
|
-----END OpenVPN Static key V1-----
|
|
</tls-auth>
|
|
|
|
# Select a cryptographic cipher.
|
|
# If the cipher option is used on the server
|
|
# then you must also specify it here.
|
|
;cipher BF-CBC # Blowfish (default)
|
|
;cipher AES-128-CBC # AES
|
|
;cipher DES-EDE3-CBC # Triple-DES
|
|
|
|
# Enable compression on the VPN link.
|
|
# Don't enable this unless it is also
|
|
# enabled in the server config file.
|
|
comp-lzo
|
|
|
|
# Verbosity level.
|
|
# 0 -- quiet except for fatal errors.
|
|
# 1 -- mostly quiet, but display non-fatal network errors.
|
|
# 3 -- medium output, good for normal operation.
|
|
# 9 -- verbose, good for troubleshooting
|
|
verb 4
|
|
|
|
# Setting 'pull' on the client takes care to get the 'push' durectives
|
|
# from the server
|
|
pull
|